Final answer:
When an auditor assesses control risk as low based on IT application control procedures, testing the effectiveness of manual follow-up procedures would not be a part of their testing strategy. The auditor would focus on IT general control procedures, management review controls, and the use of test data to verify application accuracy.
The correct answer is A.
Step-by-step explanation:
If an auditor decides to assess control risk as low based on IT application control procedures, the component that would not be part of the auditor's strategy for testing controls is testing the effectiveness of manual follow-up procedures. This option is not directly related to IT application control procedures which are automated by nature. The auditor is focused on assessing the automated controls within the IT environment; hence, manual follow-up procedures, while important in a broader control context, are not immediately relevant to assessing IT application controls specifically.
The auditor's strategy when assessing IT application controls would include the following:
- Testing the effectiveness of IT general control procedures to ensure that the IT environment, as a whole, supports the proper functioning of application controls.
- Testing the effectiveness of management review controls for monitoring the results of operations, which likely relies on IT-generated data.
- Using test data to verify that the application accurately processes transactions and activities under a variety of conditions.
These approaches help provide assurance that the IT application controls are working effectively to prevent or detect errors or fraud within the system. Thus, in this context, manual follow-up procedures would likely not be the primary focus for an auditor testing IT application controls.